Security Tools

MCP lets AI agents connect to your tools, but its built-in auth is limited. There's no fine-grained authorization, no governance, and no connection to your existing IdP infrastructure. Permit MCP Gateway is a zero-trust proxy that adds what's missing to any MCP server without touching its code. Swap one URL and every tool call gets OAuth authentication, Zanzibar-style authorization, consent screens, and full decision logging. No SDK to install. No agents to rewrite. Works with any MCP server.

ClawSecure is CrowdStrike for OpenClaw AI agents. 3-layer security audit, real-time Watchtower monitoring, agent marketplace and identity security, and full 10/10 OWASP ASI coverage. 41% of top skills are dangerous. 1 in 5 are sending your data to attackers. Secure your agents in 30 seconds for free. clawsecure.ai

deepidv is the AI-native identity verification engine built from the ground up — no third-party APIs, no markup. Verify IDs, run on-going monitoring, deploy risk agents, accurately detect deepfakes, run credit checks, background checks, title searches and validate addresses across 211+ countries. Enterprise power, startup pricing.

BurnLink lets you share sensitive files with end-to-end encryption and one-time links that burn themselves after access. No accounts. No permanent storage. No trust required.

Organizations secure buildings, networks, and data. The digital influence reaching people inside their physical locations is uncontrolled. RevFirma creates a digital perimeter that allows organizations to control the digital influence surrounding their property. We first tested the system in Carlton Landing, Oklahoma, absorbing 146,000+ external ad impressions targeting people inside the community. Every physical place has digital influence. RevFirma gives owners control of it.

LaunchSafe delivers agentic pentesting in a few clicks. Our AI agents actively try to hack your app across code and live environments to uncover real vulnerabilities. Unlike $10K+ pentests that take weeks or scanners that produce false positives, LaunchSafe proves exploits in ~3 hours with OWASP Top 10 coverage. Issues are verified by certified cybersecurity engineers, and our Fix Plan can automatically submit PRs to resolve them. Built for startups and teams that ship fast.

An application security agent that helps you secure your codebase by finding vulnerabilities, validating them, and proposing fixes you can review and patch. Now, teams can focus on the vulnerabilities that matter and ship code faster.

Govern and secure AI agents and MCP servers with centralized visibility, policy control, and audit trails. Security, compliance, and control for the agentic era.

Sequirly warns you before you share sensitive data with AI tools, keeping your privacy and security intact. It scans prompts and document uploads in real time, detecting API keys, credentials, and personal information before they reach Claude, ChatGPT, Gemini, or any AI tool. All scanning happens locally in your browser.

Musical Authentication uses a musical key instead of a password for authentication

Your security tools generate thousands of alerts a day. How many actually get investigated? Flarehawk does it for you. Real-time threat detection, automated investigation, and one-click fixes. Our ML engine builds a model unique to your environment and gets smarter every day. 5-year log retention, SSO, Slack integration, all built-in. Starting with Cloudflare Enterprise. Now in open beta.

Koidex helps you answer one question fast: "Is this safe to install?". Search extensions, code packages, and AI models across VS Code, JetBrains, npm, and Hugging Face. You can also install the Koidex IDE extension for real-time background scanning in Cursor and Windsurf. Free, no setup.

I got frustrated with password managers that feel like enterprise software. So I built the one I actually wanted. Lemonade keeps passwords,env files and API keys in one AES-256-GCM encrypted vault. TOTP, Passkeys, Emergency Access, Secure Notes, Chrome & Firefox extensions. No desktop app — it's a PWA. Free for 15 passwords, $2.99/mo unlimited. The Env Vault is the differentiator: drop your project folder and Lemonade detectsenv files, credentials — everything you can't commit to git.

Keychains.dev is a secure credential proxy for AI agents. Use "keychains curl" as a drop-in for curl — just replace hard-coded credentials with template variables like {{GITHUB_TOKEN}}. Keychains injects real credentials server-side. Your agent never sees raw secrets — immune to prompt injection by design. Users approve each permission with one click and can revoke access anytime. Full audit trail. Works with 11,000+ API providers (OAuth, API keys, basic auth).

Keychains.dev is a secure credential proxy for AI agents. Use "keychains curl" as a drop-in for curl — just replace hard-coded credentials with template variables like {{GITHUB_TOKEN}}. Keychains injects real credentials server-side. Your agent never sees raw secrets — immune to prompt injection by design. Users approve each permission with one click and can revoke access anytime. Full audit trail. Works with 11,000+ API providers (OAuth, API keys, basic auth).

The first security-scored directory for AI skills. Scan GitHub/GitLab repos with SKILL.md files through 4-layer security analysis: manifest, static code, dependency, and LLM behavioral checks. Get 0-100 trust scores, real-time vulnerability detection, and security badges. 8,890+ skills scanned, 6,300+ findings identified. Part of The Red Council security suite. Discover trusted AI capabilities or validate your own.

Build agents, automations, apps, and integrations in seconds. Tines offers a secure, trusted, vendor-agnostic platform to build, run, and monitor all your workflows

0xAudit is the first security audit platform built for autonomous AI agents. Your agent can scan its own infrastructure via MCP protocol, get auto-fix code diffs, and verify remediation — no human needed. 82+ vulnerabilities found across production platforms. Pay per scan with USDC on Base. Free open-source scanner included.

OpenClaw agents have full system access. One malicious skill could steal your data or API keys. SClawHub scans every skill for security issues and gives you a trust score (0-100) before you install. Free, transparent, open methodology.

Alive is a lightweight safety status tool for people living alone. Unlike location/social tracking, it’s almost invisible: set a check-in timer and tap once daily; if time runs out or check-ins are missed, it auto emails tiered alerts to your emergency contacts. It’s instant to start (no sign-up), no location, minimal permissions, no irrelevant data. Contacts and logs are encrypted. Customize period, grace, reminder cadence, and quiet hours. Silent when you’re fine, loud when you’re not.

PicKey’s AI uses your favorite picture along with a 3D character to create an exceptionally strong Master Password. You no longer need to type or remember any text passwords. PicKey, being a visual password manager blends absolute security with effortless usability.